Mayhem Blog

ForAllSecure hosted a hackathon at Arizona State University where 181 students, including Vishnu Prateek Kakaraparthi, participated as part of the Mayhem Heroes program.

The LockBit ransomware gang no longer offers just one service, like ransomware, but multiple services, like anti-analysis tools and bug bounty programs. Mick Baccio from Splunk’s SURGe explains how ransomware gangs are evolving into crimeware-as-a-service platforms, as one stop shop for all your online criminal needs.

Try API fuzzing with the Swagger Petstore API, a stand-alone REST API server that implements the OpenAPI 3 Specification. Learn how to fuzz the Pestore API!

Learn how to improve successful coverage with Mayhem for API by adding or refining schemas in the spec to generate structurally valid payloads.

ForAllSecure hosted a hackathon at Arizona State University where 181 students, including Bailey Capuano, participated as part of the Mayhem Heroes program.

Lighttpd is an open-source web server optimized for speed with considerations for compliance, security, and flexibility. Lighttpd 1.4.15 had a few vulnerabilities that have since been patched. Let's use Mayhem to sniff out those bugs.

Once authentication is configured, the next step is to ensure that Mayhem for API is able to successfully cover as much of your API as possible.

In this post, we'll look at how we've enhanced our Postman integration. We now support API Key, Bearer Token, Basic Auth and OAuth 2.0.

When Mayhem generates test cases, it also saves those test cases for future Mayhem runs of the same target. This way, future Mayhem runs can utilize those previously generated test cases to confirm if the current fuzzing behavior of the target application has changed. Learn more in this post.